Organizations can Leverage HITRUST CSF Assessments for Vendor Risk Management
May 8, 2017 |Secaucus, NJ – Rsam, a leader in governance, risk and compliance (GRC) solutions, announced today that it will integrate with the Health Information Trust Alliance (HITRUST) Assessment Exchange (AX) within the Rsam platform. The HITRUST AX automates and streamlines the process of requesting and receiving third party risk assessments from vendors. Since 2011, Rsam has been a partner with HITRUST, author of the most widely adopted privacy and security framework (CSF) for healthcare organizations and their vendors.
“This past year, Rsam has talked to hundreds of organizations at vendor risk management (VRM) events around the country and common themes have emerged: The VRM is too cumbersome and requests for information are overwhelming vendors,” said Vivek Shivananda, CEO of Rsam. “Everyone wants to find a better way and now they will have one through the HITRUST AX. Rsam has nearly half a million licensed users in the healthcare industry today and we are excited to offer this new HITRUST AX integration to them to dramatically streamline the VRM process.”
Rsam’s GRC platform serves ½ million licensed healthcare users. Adoption of the VRM SaaS solution has skyrocketed in the past 12 months due to its quick implementation and fast time-to-value. The out-of-the box configuration guides organizations through key activities like categorization, assessment, issue tracking, notification, remediation and reporting. Instead of reinventing the wheel, organizations can solve for their most common challenges and iterate as they go. This flexibility is due to Rsam’s unique relational-data model, which enables users to centrally record and organize all risk management and integrate with third-party intelligence data for a 360 degree view. Integration with HITRUST AX further extends Rsam’s ability to streamline the entire vendor risk management cycle.
The HITRUST AX is a win-win for healthcare organizations and their vendors. It automates time-consuming tasks associated with gathering, managing and monitoring vendor assessments. In addition, vendors will benefit by the ability to “assess once and report many.” Once they’ve completed an assessment through HITRUST AX, the information can be used by other organizations.
“Other exchanges either lack a comprehensive and widely accepted assessment criteria, transparency and consistency, or don’t support exchanging of assessment details with the company’s existing vendor risk management systems,” said Daniel Nutkis, Chief Executive Officer, HITRUST. “The HITRUST AX leverages the HITRUST CSF and Assurance program and working with companies like Rsam to integrate the HITRUST AX into their vendor risk management solutions, enabling a giant leap forward in their vendor risk management program – not to mention the relief it will provide third parties servicing these organizations.”
The HITRUST CSF is the most widely-adopted security framework in the US health industry. It provides thousands of organizations with a comprehensive, flexible and efficient approach to regulatory compliance and risk management. Similarly, the HITRUST AX will revolutionize how organizations of any size manage their vendor risk. It is intended to integrate and not replace an organization’s existing vendor risk management (VRM) system allowing specific vendors and assessments to be assigned to the HITRUST AX and to receive the HITRUST CSF Assessment report in a fully consumable format eliminating the manually posting of key assessment details.
The HITRUST Assessment Exchange is priced based on the number of vendors managed for a customer through the exchange. HITRUST is currently contracting with customers and anticipates the HITRUST Assessment Exchange being operational in Q3 of this year. Any valid CSF Assessment can be made available to the HITRUST Assessment Exchange when operational later this year.
Rsam is the fastest time-to-value and most flexible GRC, Vendor Risk Management and Security Operations, Analytics & Reporting (SOAR) platform provider. Our enterprise software platform uses a relational architecture and captures data in a single, centralized repository. Unlike other systems, we don’t hard-wire dependencies based on requirements that may be outdated before implementation even begins. Instead, the Rsam platform is built to adapt and put the user in control. Gone are the days of endlessly retrofitting a solution or failing to get it off the ground. With Rsam, you can have a baseline up and running in 30 days and iterate from there. Learn more at www.Rsam.com.
Rsam Media Contact:
201-875-3456 x 148
Founded in 2007, the HITRUST Alliance, a not for profit, was born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST—in collaboration with public and private healthcare technology, privacy and information security leaders—has championed programs instrumental in safeguarding health information and managing information risk while ensuring consumer confidence in the organizations that create, store or exchange their information.
HITRUST develops, maintains and provides broad access to its common risk and compliance management and de-identification frameworks, and related assessment and assurance methodologies, as well as programs supporting cyber sharing, analysis and resilience. HITRUST also leads many efforts in advocacy, awareness and education relating to information protection.
For more information, visit www.HITRUSTalliance.net.